I do not consider this a bug. We state that you must either explicitly supply the domain_id of a group in the entity passed to the create call OR use a domain scoped token. Since the ADMIN token is not a domain scoped token, you must provide it in the entity itself (which, to be honest, should be the recommended way of doing it anyway).
** Changed in: keystone Status: In Progress => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1493126 Title: openstack group create fails while using admin token Status in Keystone: Invalid Bug description: While using --os-token=ADMIN_TOKEN rather then admin user credentials fails with error message: $ openstack --os-token=<ADMIN_TOKEN> group create "qwerty" ERROR: openstack The request you have made requires authentication. (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8b45e<...>) OS_USERNAME and OS_PASSWORD are set to "" Keystone log contains: 2015-09-07 19:30:50.514850 14499 DEBUG keystone.middleware.core [-] RBAC: auth_context: {} process_request /opt/stack/keystone/keystone/middleware/core.py:209 2015-09-07 19:30:50.533697 14499 INFO keystone.common.wsgi [-] POST http://172.16.51.28:5000/v3/groups 2015-09-07 19:30:50.536504 14499 WARNING keystone.common.controller [-] RBAC: Bypassing authorization 2015-09-07 19:30:50.539266 14499 WARNING keystone.common.utils [-] Couldn't find the auth context. 2015-09-07 19:30:50.547398 14499 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from <IP> Using admin credentials works fine. --------------- Investigation gave me that the root cause of this is that during group creation [0] the token information is being extracted from context [1] which is {empty} for request authenticated using ADMIN_TOKEN [2] [0] https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L300 [1] https://github.com/openstack/keystone/blob/master/keystone/common/utils.py#L523-L525 [2] https://github.com/openstack/keystone/blob/master/keystone/middleware/core.py#L72 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1493126/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp